package eu.emi.security.authn.x509.proxy;

import eu.emi.security.authn.x509.helpers.proxy.ExtendedProxyType;
import eu.emi.security.authn.x509.helpers.proxy.IPAddressHelper;
import eu.emi.security.authn.x509.helpers.proxy.ProxyACExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyAddressRestrictionData;
import eu.emi.security.authn.x509.helpers.proxy.ProxyCertInfoExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyHelper;
import eu.emi.security.authn.x509.helpers.proxy.ProxySAMLExtension;
import eu.emi.security.authn.x509.helpers.proxy.ProxyTracingExtension;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.asn1.x509.AttributeCertificate;

/* loaded from: input_file:eu/emi/security/authn/x509/proxy/ProxyChainInfo.class */
public class ProxyChainInfo {
    private X509Certificate[] chain;
    private int firstProxy;
    private ProxyChainType type;
    private ProxyPolicy[] policy;
    private Boolean limited;

    /* renamed from: eu.emi.security.authn.x509.proxy.ProxyChainInfo$1, reason: invalid class name */
    /* loaded from: input_file:eu/emi/security/authn/x509/proxy/ProxyChainInfo$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType = new int[ExtendedProxyType.values().length];

        static {
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.NOT_A_PROXY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.DRAFT_RFC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.RFC3820.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ExtendedProxyType.LEGACY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public ProxyChainInfo(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain passed may not be null or empty");
        }
        int length = x509CertificateArr.length - 1;
        while (true) {
            if (length < 0) {
                break;
            }
            if (ProxyUtils.isProxy(x509CertificateArr[length])) {
                this.firstProxy = length;
                this.chain = x509CertificateArr;
                break;
            }
            length--;
        }
        if (length == -1) {
            throw new CertificateException("There is no proxy certificate in the chain");
        }
    }

    public BigInteger[] getSerialNumbers() {
        BigInteger[] bigIntegerArr = new BigInteger[this.chain.length];
        for (int i = 0; i < this.chain.length; i++) {
            bigIntegerArr[i] = this.chain[i].getSerialNumber();
        }
        return bigIntegerArr;
    }

    public ProxyChainType getProxyType() throws CertificateException {
        if (this.type != null) {
            return this.type;
        }
        for (int i = 0; i <= this.firstProxy; i++) {
            switch (AnonymousClass1.$SwitchMap$eu$emi$security$authn$x509$helpers$proxy$ExtendedProxyType[ProxyHelper.getProxyType(this.chain[i]).ordinal()]) {
                case ProxyTracingExtension.SUBJECT_EXTENSION /* 2 */:
                    if (this.type == null) {
                        this.type = ProxyChainType.DRAFT_RFC;
                        break;
                    } else if (this.type != ProxyChainType.DRAFT_RFC) {
                        this.type = ProxyChainType.MIXED;
                        break;
                    } else {
                        break;
                    }
                case 3:
                    if (this.type == null) {
                        this.type = ProxyChainType.RFC3820;
                        break;
                    } else if (this.type != ProxyChainType.RFC3820) {
                        this.type = ProxyChainType.MIXED;
                        break;
                    } else {
                        break;
                    }
                case 4:
                    if (this.type == null) {
                        this.type = ProxyChainType.LEGACY;
                        break;
                    } else if (this.type != ProxyChainType.LEGACY) {
                        this.type = ProxyChainType.MIXED;
                        break;
                    } else {
                        break;
                    }
            }
        }
        return this.type;
    }

    public int getFirstProxyPosition() {
        return this.firstProxy;
    }

    public boolean isLimited() throws CertificateException, IOException {
        if (this.limited != null) {
            return this.limited.booleanValue();
        }
        for (int i = 0; i <= this.firstProxy; i++) {
            if (ProxyHelper.isLimited(this.chain[i])) {
                this.limited = true;
                return true;
            }
        }
        this.limited = false;
        return false;
    }

    public ProxyPolicy[] getPolicy() throws IOException {
        ProxyCertInfoExtension proxyCertInfoExtension;
        if (this.policy != null) {
            return this.policy;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = this.firstProxy; i >= 0; i--) {
            ExtendedProxyType proxyType = ProxyHelper.getProxyType(this.chain[i]);
            if ((proxyType == ExtendedProxyType.DRAFT_RFC || proxyType == ExtendedProxyType.RFC3820) && (proxyCertInfoExtension = ProxyCertInfoExtension.getInstance(this.chain[i])) != null) {
                arrayList.add(proxyCertInfoExtension.getPolicy());
            }
        }
        this.policy = (ProxyPolicy[]) arrayList.toArray(new ProxyPolicy[arrayList.size()]);
        return this.policy;
    }

    public String[] getProxyTracingIssuers() throws IOException {
        String[] strArr = new String[this.chain.length];
        for (int i = 0; i < this.chain.length; i++) {
            ProxyTracingExtension proxyTracingExtension = ProxyTracingExtension.getInstance(this.chain[i], true);
            strArr[i] = proxyTracingExtension == null ? null : proxyTracingExtension.getURL();
        }
        return strArr;
    }

    public String[] getProxyTracingSubjects() throws IOException {
        String[] strArr = new String[this.chain.length];
        for (int i = 0; i < this.chain.length; i++) {
            ProxyTracingExtension proxyTracingExtension = ProxyTracingExtension.getInstance(this.chain[i], false);
            strArr[i] = proxyTracingExtension == null ? null : proxyTracingExtension.getURL();
        }
        return strArr;
    }

    public String[] getSAMLExtensions() throws IOException {
        String[] strArr = new String[this.chain.length];
        for (int i = 0; i < this.chain.length; i++) {
            ProxySAMLExtension proxySAMLExtension = ProxySAMLExtension.getInstance(this.chain[i]);
            if (proxySAMLExtension != null) {
                strArr[i] = proxySAMLExtension.getSAML();
            }
        }
        return strArr;
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [org.bouncycastle.asn1.x509.AttributeCertificate[], org.bouncycastle.asn1.x509.AttributeCertificate[][]] */
    public AttributeCertificate[][] getAttributeCertificateExtensions() throws IOException {
        ?? r0 = new AttributeCertificate[this.chain.length];
        for (int i = 0; i < this.chain.length; i++) {
            ProxyACExtension proxyACExtension = ProxyACExtension.getInstance(this.chain[i]);
            if (proxyACExtension != null) {
                r0[i] = proxyACExtension.getAttributeCertificates();
            }
        }
        return r0;
    }

    public int getRemainingPathLimit() throws IOException {
        int i = Integer.MAX_VALUE;
        for (int i2 = this.firstProxy; i2 >= 0; i2--) {
            int proxyPathLimit = ProxyHelper.getProxyPathLimit(this.chain[i2]);
            i = proxyPathLimit < i ? proxyPathLimit : i - 1;
        }
        return i;
    }

    public byte[][][] getProxySourceRestrictions() throws IOException {
        return getProxyRestrictions(true);
    }

    public byte[][][] getProxyTargetRestrictions() throws IOException {
        return getProxyRestrictions(false);
    }

    public boolean isHostAllowedAsSource(byte[] bArr) throws IOException {
        return isHostAllowed(bArr, getProxySourceRestrictions());
    }

    public boolean isHostAllowedAsTarget(byte[] bArr) throws IOException {
        return isHostAllowed(bArr, getProxyTargetRestrictions());
    }

    private List<List<byte[]>> union(byte[][] bArr, List<byte[]> list, List<byte[]> list2) {
        ArrayList arrayList = new ArrayList();
        if (bArr == null) {
            arrayList.add(list);
            arrayList.add(list2);
            return arrayList;
        }
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        if (list != null) {
            arrayList2.addAll(list);
        }
        if (list2 != null) {
            arrayList3.addAll(list2);
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i].length == 8) {
                arrayList2.add(bArr[i]);
            } else {
                if (bArr[i].length != 32) {
                    throw new IllegalArgumentException("IP space definition has to be either 8 bytes or 32 bytes, length was: " + bArr.length);
                }
                arrayList3.add(bArr[i]);
            }
        }
        arrayList.add(arrayList2);
        arrayList.add(arrayList3);
        return arrayList;
    }

    private List<List<byte[]>> intersection(byte[][] bArr, List<byte[]> list, List<byte[]> list2) {
        ArrayList<byte[]> arrayList;
        int i;
        ArrayList arrayList2 = new ArrayList();
        if (bArr == null) {
            arrayList2.add(list);
            arrayList2.add(list2);
            return arrayList2;
        }
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        for (int i2 = 0; i2 < bArr.length; i2++) {
            if (bArr[i2].length == 8) {
                arrayList = arrayList3;
                i = 8;
            } else {
                if (bArr[i2].length != 32) {
                    throw new IllegalArgumentException("Invalid namespace definition, length should be 8 or 32 bytes. It was: " + bArr[i2].length + " bytes.");
                }
                arrayList = arrayList4;
                i = 32;
            }
            if (list == null || list2 == null) {
                arrayList.add(bArr[i2]);
            } else {
                byte[] copyOfRange = Arrays.copyOfRange(bArr[i2], 0, i / 2);
                for (byte[] bArr2 : arrayList) {
                    if (IPAddressHelper.isWithinAddressSpace(copyOfRange, bArr2)) {
                        boolean z = true;
                        int i3 = 0;
                        while (true) {
                            if (i3 >= i / 2) {
                                break;
                            }
                            if ((bArr2[i3 + (i / 2)] & 255) < (bArr[i2][i3 + (i / 2)] & 255)) {
                                z = false;
                                break;
                            }
                            i3++;
                        }
                        if (z) {
                            arrayList.add(bArr[i2]);
                        } else {
                            arrayList.add(bArr2);
                        }
                    }
                }
            }
        }
        arrayList2.add(arrayList3);
        arrayList2.add(arrayList4);
        return arrayList2;
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [byte[][], byte[][][]] */
    private byte[][][] getProxyRestrictions(boolean z) throws IOException {
        List<byte[]> list = null;
        List<byte[]> list2 = null;
        List<byte[]> list3 = null;
        List<byte[]> list4 = null;
        boolean z2 = false;
        for (int length = this.chain.length - 1; length >= 0; length--) {
            ProxyAddressRestrictionData proxyAddressRestrictionData = ProxyAddressRestrictionData.getInstance(this.chain[length], z);
            if (proxyAddressRestrictionData != null) {
                z2 = true;
                byte[][][] iPSpaces = proxyAddressRestrictionData.getIPSpaces();
                List<List<byte[]>> intersection = intersection(iPSpaces[0], list, list2);
                list = intersection.get(0);
                list2 = intersection.get(1);
                List<List<byte[]>> union = union(iPSpaces[1], list3, list4);
                list3 = union.get(0);
                list4 = union.get(1);
            }
        }
        if (!z2) {
            return (byte[][][]) null;
        }
        ?? r0 = new byte[2];
        if (list == null || list2 == null) {
            r0[0] = new byte[0];
        } else {
            r0[0] = concatArrays((byte[][]) list.toArray(new byte[0][0]), (byte[][]) list2.toArray(new byte[0][0]));
        }
        if (list3 == null || list4 == null) {
            r0[1] = new byte[0];
        } else {
            r0[1] = concatArrays((byte[][]) list3.toArray(new byte[0][0]), (byte[][]) list4.toArray(new byte[0][0]));
        }
        return r0;
    }

    private boolean isHostAllowed(byte[] bArr, byte[][][] bArr2) throws IOException {
        if (bArr2 == null) {
            return true;
        }
        for (int i = 0; i < bArr2[1].length; i++) {
            if (IPAddressHelper.isWithinAddressSpace(bArr, bArr2[1][i])) {
                return false;
            }
        }
        for (int i2 = 0; i2 < bArr2[0].length; i2++) {
            if (IPAddressHelper.isWithinAddressSpace(bArr, bArr2[0][i2])) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [byte[], byte[][]] */
    public static byte[][] concatArrays(byte[][] bArr, byte[][] bArr2) {
        int length = bArr.length;
        int length2 = bArr2.length;
        ?? r0 = new byte[length + length2];
        for (int i = 0; i < length; i++) {
            r0[i] = bArr[i];
        }
        for (int i2 = 0; i2 < length2; i2++) {
            r0[i2 + length] = bArr2[i2];
        }
        return r0;
    }

    static {
        CertificateUtils.configureSecProvider();
    }
}
